x9/xetup
1
0
Fork 0
Code Issues 17 Pull requests Projects Releases 5 Packages Wiki Activity Actions
xetup/CHANGELOG.md
X9 Dev 76b72e569e
All checks were successful
release / build-and-release (push) Successful in 38s
Details
feat(bloatware): keep Microsoft.Windows.Photos 
Add Photos to the always-keep list (KeepPackages) like Calculator - the
default image viewer should not be removed. It stays in the removal list
but the keep-guard skips it and logs KEEP. Updates script header,
CLAUDE.md DO-NOT, web spec table, descriptions.json and CHANGELOG.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 14:56:36 +02:00

122 lines
6.9 KiB
Markdown
Raw Permalink Blame History

# Changelog
All notable changes to xetup. Format based on [Keep a Changelog](https://keepachangelog.com).
No diacritics anywhere (project rule).
Builds are continuous: every push to `main` produces a signed `xetup.exe` published as the
`latest` release. Version tags (e.g. `v0.7`) mark notable milestones.
## [Unreleased]
### Changed
- **Photos now kept** (01): `Microsoft.Windows.Photos` is added to the always-keep list
(`KeepPackages`), so the default image viewer is no longer removed - like Calculator. It stays
in the removal list but the keep-guard skips it and logs `KEEP Microsoft.Windows.Photos`.
## [0.9] - 2026-06-03
### Added
- **Bloatware feature toggles** (01): the bloatware step now exposes three GUI checkboxes -
`standardBloatware` (default on, the bulk AppX/capability/feature list), `removeNewOutlook`
(default on, the new Outlook for Windows app `Microsoft.OutlookForWindows`) and
`removeSnippingTool` (default OFF). Each toggle is independent, so a technician can spare
Outlook or remove the Snipping Tool without affecting the rest.
### Changed
- **Snipping Tool now kept by default** (01): `Microsoft.ScreenSketch` (the modern Snipping Tool
app) plus the legacy capability and optional feature are no longer removed unless
`removeSnippingTool` is checked - it is a commonly used productivity tool, like Calculator.
Classic Outlook from M365 was never removed (it is a Win32 app, not an AppX package); only the
bundled new Outlook is, and that is now toggleable.
### Fixed
- **`bloatware.keepPackages` was dropped at runtime**: the Go `Config` struct had no `Bloatware`
field, so the GUI's runtime-config regeneration silently discarded `keepPackages`. Added the
field so the keep-list survives and is honored by `01-bloatware.ps1`.
## [0.8] - 2026-06-02
### Added
- **Web changelog page** (`/changelog/`) that renders `CHANGELOG.md` from the repo (Forgejo raw
API via the `/forgejo-api` proxy) - single source of truth. Linked from the site nav.
- **CI release automation**: the release workflow derives the release notes from `CHANGELOG.md`,
and a version tag (`vX.Y`) builds, signs and publishes a named (non-prerelease) release for
that version; `main`/dispatch keep the rolling `latest` prerelease.
### Fixed
- **BackInfo background color**: use the COLORREF value `4668194` for #223B47. BackInfo uses a
COLORREF (`0x00BBGGRR` / BGR), so the 0.7 value `2243399` (`0x223B47`) was read with red/blue
swapped and rendered olive-brown (#473B22). Reverts the 0.7 change.
- **BackInfo black border in some profiles** (04): BackInfo paints a centered bitmap; when it is
smaller than the screen, the surrounding desktop showed black in profiles whose
`Control Panel\Colors\Background` was not set. The solid desktop background color (#223B47) is
now written to HKU\.DEFAULT and to every existing user profile (loading each hive as needed),
in addition to the Default hive and current user, so the area around the bitmap blends in.
## [0.7] - 2026-06-02
### Added
- **Code signing in CI**: the release workflow signs `xetup.exe` on every push (and via
`workflow_dispatch`) using Azure Trusted Signing (certificate "X9.cz s.r.o.") through jsign,
plus an RFC3161 timestamp (`timestamp.acs.microsoft.com`). jsign is pinned by version + sha256.
Trusted Signing certs are short-lived (~3 days); the timestamp keeps the signature valid past
expiry. Only `AZURE_CLIENT_SECRET` is a Forgejo Actions secret. (`853908b`)
- `workflow_dispatch` trigger for manual release runs. (`cdad15a`)
- **Keyboard layout**: CZ primary + US secondary, applied to all profiles via
`Set-WinUserLanguageList` (current user) and the `Preload` key in the Default hive and
`HKU\.DEFAULT`. (`94b7786`)
### Fixed
- **winget** (02, 11): pass `--source winget` to every install. Fresh Win11 ISOs ship an App
Installer with a stale pinned cert, so the msstore source fails with `0x8a15005e` and aborts
the install; forcing the winget source bypasses it. (`94b7786`)
- **Network Discovery** (10): enable by resource-string group `-Group "@FirewallAPI.dll,-32752"`
instead of `-DisplayGroup "Network Discovery"`, which is localized and failed on Czech Windows. (`94b7786`)
- **Atera detection** (02): verify via the `AteraAgent` service (`Get-Service`) with a path-check
fallback incl. `C:\ProgramData`, since Atera no longer installs to a fixed location. (`94b7786`)
- **Windows Update log** (12): format installed updates via `$_.Result`/`$_.Title` instead of
logging the raw objects (which printed "System.__ComObject"). (`94b7786`)
- **UCPD** (02): the UCPD stop failure on Win11 24H2 (protected service) is logged WARN, not
ERROR; the system-wide HKCR write succeeds regardless. (`94b7786`)
- **Atera under SYSTEM** (02): install the MSI via a one-shot scheduled task running as
`NT AUTHORITY\SYSTEM` (`msiexec /qn`). Under SYSTEM the agent registers silently with no
interactive MFA window. (`451b9e2`)
- **Taskbar File Explorer pin** (04): pin Explorer via its AppUserModelID
(`DesktopApplicationID="Microsoft.Windows.Explorer"`) instead of a hand-made `.lnk`. The custom
shortcut launched a second Explorer that did not group with the running window and could not be
unpinned. (`451b9e2`)
- **Accent color in all profiles** (04): write `AccentPalette` (REG_BINARY, 8 shades from #223B47)
alongside `AccentColor`. Without it Win11 drops the custom accent on Start/taskbar and falls back
to the default. The full theme (Custom mode: dark system + light apps; accent on Start/taskbar and
title bars/borders) is written to the Default hive, the current user (HKCU) and `HKU\.DEFAULT` so
all profiles match. (`4d08d0c`)
- **BackInfo background color**: changed `BackgroundColor` to 2243399 (later found wrong - BackInfo
uses COLORREF/BGR; corrected in [Unreleased]). (`4d08d0c`)
### CI / Infra
- deploy.json update step made non-fatal (cosmetic, runs after the release is published). (`8a7fc10`)
- Forgejo runner: bind-mount the docker socket into job containers so the deploy.json step's
`docker exec` works. (`c8c8523`, `beceeb4`)
- docker-compose: mount `web/data` read-write so CI can refresh `deploy.json` (rest of the web
docroot stays read-only). (`7becac7`)
### Docs
- Web (spec, descriptions.json, navod, landing) updated for all of the above.
- `SPEC.md` + `CLAUDE.md` synced. Added this `CHANGELOG.md`.
## [0.6] - 2026-04-28
### Added
- Step 03: disable hibernation and Smart App Control; reworked Edge configuration
(mandatory policies + initial_preferences). (`0cfe751`)
### Fixed
- Reliability and robustness pass: watchdog kills a stalled script after 30 min of silence;
reboot-loop protection caps each step at 5 restarts; atomic `state.json` writes (tmp+rename);
email report retried 3x with a local HTML fallback; Default-hive unload retried; resume mode
fixed to actually run pending steps. (`d30767e`)
---
Earlier history (pre-0.6): see the git log - initial Go launcher, embedded PowerShell steps,
reboot-resume cycle, Forgejo CI build, and the static site at xetup.x9.cz.
Reference in a new issue View git blame Copy permalink